fetchmail-friends

RE: [fetchmail]fetchmail newbie | ClearText passwords?

2004-04-13 10:50:35
... I'm wondering about the security of having my password
sitting in plain text in my .fetchmailrc file ...
...
The longer answer is - you can't win this one.  If you go with
PGP you'll need to embed the pass phrase (or use a null one),
which gains you nothing.  If you use reversible encryption, the
code is in the source and writing a decryptor would be trivial.

Agreed.

All you can do is trust those with access to the root account as
only root or the owner of the file can read it.

You also have to trust members of the "backup" or "operator" group,
which typically has read access to the device containing the
filesystem.  On some *ix systems, this includes a world-executable,
sgid instance of the "dump" utility :(
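
An added example, not part of the original message: a small audit of the three exposure paths the thread names (the rc file's own mode bits, group or world read access on the device node holding the filesystem, and a world-executable set-gid helper such as dump). The device node and helper paths are assumptions the caller supplies, and the gid values used with it are constructed.

```python
import os
import stat

def file_findings(mode, uid, me):
    """Who besides root and the owner can open the rc file directly?"""
    out = []
    if uid != me:
        out.append("file owned by another uid")
    if stat.S_IMODE(mode) & 0o077:
        out.append("file grants group/other access")
    return out

def device_findings(mode, gid):
    """Read access to the raw device bypasses the file's own mode bits."""
    out = []
    if mode & stat.S_IRGRP:
        out.append(f"device readable by gid {gid}")
    if mode & stat.S_IROTH:
        out.append("device world-readable")
    return out

def helper_findings(mode, gid):
    """A set-gid helper any user may run lends out that group's device access."""
    if mode & stat.S_ISGID and mode & stat.S_IXOTH:
        return [f"world-executable sgid helper (gid {gid})"]
    return []

def audit(rc_path, device_path=None, helper_paths=()):
    """Collect findings; device_path and helper_paths are chosen by the caller."""
    st = os.stat(rc_path)
    found = file_findings(st.st_mode, st.st_uid, os.geteuid())
    if device_path:
        d = os.stat(device_path)
        found += device_findings(d.st_mode, d.st_gid)
    for p in helper_paths:
        if os.path.exists(p):
            h = os.stat(p)
            found += helper_findings(h.st_mode, h.st_gid)
    return found

if __name__ == "__main__":
    # Constructed defaults: pass your own device node and dump path(s).
    rc = os.path.expanduser("~/.fetchmailrc")
    if os.path.exists(rc):
        for line in audit(rc, None, ["/sbin/dump"]):
            print(line)
```

An empty result only means none of these three paths is open; root can still read the file.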